sssd-32bit-1.9.4-1.2.1>t 4 DpQ8/=„JAy، /[l>i#Z[ q65@MQEXF޾)/Ȕ KC 1˾\*l OO$^\@@>dl /iZecCPoZm >!|i|, mܣ~cf뚁б$y7طVvdc8}@0:ԖwbzkFәW3bxx0G^jzt[+f(ѠkKc.+C u8Q8/=„N;~Hr:kr`РjwbnE "2 Td ŨЗvKp(U Tj\K0XNE 2r5 ykPE v4|ߘ\U7akҷA"uYsee{FF45 :1[5 ]+Ð%晽zM H#/siFj$0fx#eǏoa_>8 Bjw%7Y1Jb d2D;A ԗP$)Qe@;kc87506efcd0005342c5c562cb2ebc859ee32524bX>=9?9d   9  $0 6 < H  4F(m8t)9):)>5G6H6 I6X6Y60\6L]6X^6|b6c7d7oe7tf7yl7{u7v7w8x8y89\99Csssd-32bit1.9.41.2.1System Security Services DaemonProvides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.Qbuild08PopenSUSE 12.3openSUSEGPL-3.0+ and LGPL-3.0+http://bugs.opensuse.orgSystem/Daemonshttps://fedorahosted.org/sssd/linuxx86_64/sbin/ldconfigwXvAQQQce5df306a8f94c7cee57701503f40d25d4c3859e3e850f73174820f2e793dc3crootrootrootrootrootrootsssd-1.9.4-1.2.1.src.rpmlibnss_sss.so.2libnss_sss.so.2(EXPORTED)pam_sss.sosssd-32bitsssd-32bit(x86-32)@@@@@@@@@@@@@@@@   /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libpam.so.0(LIBPAM_MODUTIL_1.0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.10.2QQ \PPPPAOOO@O O|7O\NNw.N7N2N1O@MM?MM@MM2@Mv@M6@M5M LOLr@L@L@L{@K9@K9@KK@KKjJ@J@J rhafer@suse.comrhafer@suse.comrhafer@suse.comrhafer@suse.comjengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.deben.kevan@gmail.comben.kevan@gmail.comben.kevan@gmail.comjengelh@medozas.derhafer@suse.dejengelh@medozas.derhafer@suse.dejengelh@medozas.dejengelh@medozas.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.deaj@suse.derhafer@novell.comrhafer@novell.comcoolo@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.com- fix package name in baselibs.conf (bnc#796423)- update to 1.9.4 (bnc#801036): * A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions when creating or removing home directories for users in local domain * A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads in autofs and ssh responder * The sssd_pam responder processes pending requests after reconnect * A serious memory leak in the NSS responder was fixed * Requests that were processing group entries with DNs pointing out of any configured search bases were not terminated correctly, causing long timeouts * Kerberos tickets are correctly renewed even after SSSD daemon restart * Multiple fixes related to SUDO integration, in particular fixing functionality when the sssd back end process was changing its online/offline status * The pwd_exp_warning option was fixed to function as documented in the manual page - refreshed sssd-ldflags.diff to apply cleanly- Removed left-over "Requires" for no longer existing sssd-client subpackage. - New patch: sssd-ldflags.diff to fix link failures due to erroneous LDFLAGS usage- Switch back to using libcrypto instead of mozilla-nss as it seems to be supported upstream again, cf. https://lists.fedorahosted.org/pipermail/sssd-devel/2012-June/010202.html - Cleanup PAM configuration after uninstalling sssd (bnc#788328)- Update to new upstream release 1.9.3 * Many fixes related to deployments where the SSSD is running as a client of IPA server with trust relation established with an Active Directory server * Multiple fixes related to correct reporting of group memberships, especially in setups that use nested groups * Fixed a bug that prevented upgrade from the 1.8 series if the cache contained nested groups before the upgrade * Restarting the responders is more robust for cases where the machine is under heavy load during back end restart * The default_shell option can now be also set per-domain in addition to global setting.- Update to new upstream release 1.9.2 * Users or groups from trusted domains can be retrieved by UID or GID as well * Several fixes that mitigate file descriptor leak during logins * SSH host keys are also removed from the cache after being removed from the server * Fix intermittent crash in responders if the responder was shutting down while requests were still pending * Catch an error condition that might have caused a tight loop in the sssd_nss process while refreshing expired enumeration request * Fixed memory hierarchy of subdomains discovery requests that caused use-after-free access bugs * The krb5_child and ldap_child processes can print libkrb5 tracing information in the debug logs- Update to new upstream release 1.8.93 (1.9.0~beta3) * Add native support for autofs to the IPA provider * Support for id mapping when connecting to Active Directory * Support for handling very large (> 1500 users) groups in Active Directory * Add a new fast in-memory cache to speed up lookups of cached data on repeated requests * Add support for the Kerberos DIR cache for storing multiple TGTs automatically * Add a new PAC responder for dealing with cross-realm Kerberos trusts * Terminate idle connections to the NSS and PAM responders- Update to new upstream release 1.8.3 * LDAP: Handle situations where the RootDSE is not available anonymously * LDAP: Fix regression for users using non-standard LDAP attributes for user information - Switch from openssl to mozilla-nss, as this is the officially supported crypto integration- Fix build error on SLES 11 builds- Add suse_version condition for glib over libunistring for SLES 11 SP2. - Update to new upstream release 1.8.2 * Fix for GSSAPI binds when the keytab contains unrelated principals * Workarounds added for LDAP servers with unreadable RootDSE- Update to new upstream release 1.8.1 * Resolve issue where we could enter an infinite loop trying to connect to an auth server- Update to new upstream release 1.8.0 * Support for the service map in NSS * Support for setting default SELinux user context from FreeIPA * Support for retrieving SSH user and host keys from LDAP * Support for caching autofs LDAP requests * Support for caching SUDO rules * Include the IPA AutoFS provider * Fixed several memory-corruption bugs * Fixed a regression in the proxy provider- Fixed systemd related packaging issues (bnc#724157) - fixed build on older openSUSE releases- Resolve "have choice for libnl-devel: libnl-1_1-devel libnl3-devel"- Fixed typos in configure args - Cherry-picked password policy fixes from 1.5 branch (bnc#705768) - switched to fd-leak fix cherry-picked from 1.5 branch - Add /usr/sbin to the search path to make configure find nscd (bnc#709747)- Add patches to fix an fd leak in sssd_pam- Update to new upstream release 1.5.11 * Support for overriding home directory, shell and primary GID locally * Properly honor TTL values from SRV record lookups * Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers) * Properly escape IPv6 addresses in the failover code * Do not crash if inotify fails (e.g. resource exhaustion) - Remove redundant %clean section; delete .la files more efficiently- Update to 1.5.8: * Support for the LDAP paging control * Support for multiple DNS servers for name resolution * Fixes for several group membership bugs * Fixes for rare crash bugs- Update to 1.5.7 * A flaw was found in the handling of cached passwords when kerberos renewal tickets is enabled. Due to a bug, the cached password was overwritten with a (moderately) predictable filename, which could allow a user to authenticate as someone else if they knew the name of the cache file (bnc#691135, CVE-2011-1758) - Changes in 1.5.6: * Fixed a serious memory leak in the memberOf plugin * Fixed a regression with the negative cache that caused it to be essentially nonfunctional * Fixed an issue where the user's full name would sometimes be removed from the cache * Fixed an issue with password changes in the kerberos provider not working with kpasswd- Update to 1.5.5 * Fixes for several crash bugs * LDAP group lookups will no longer abort if there is a zero-length member attribute * Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- Should build in SLE-11-SP1 now- Updated to 1.5.4 * Fixes for Active Directory when not all users and groups have POSIX attributes * Fixes for handling users and groups that have name aliases (aliases are ignored) * Fix group memberships after initgroups in the IPA provider- Updated to 1.5.3 * Support for libldb >= 1.0.0 * Proper detection of manpage translations * Changes between 1.5.1 and 1.5.2 * Fixes for support of FreeIPA v2 * Fixes for failover if DNS entries change * Improved sss_obfuscate tool with better interactive mode * Fix several crash bugs * Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this * Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid) * Use new Transifex.net translations * Better support for automatic TGT renewal (now survives restart) * Netgroup fixes- Updated to 1.5.1 * Vast performance improvements when enumerate = true * All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup This guarantees that all group information is available to other providers, such as the simple provider. * For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain. * Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory * Support for ldap_tls_{cert,key,cipher_suite} config options * Assorted bugfixes- /var/lib/sss/pubconf was missing (bnc#665442)- It was possible to make sssd hang forever inside a loop in the PAM responder by sending a carefully crafted packet to sssd. This could be exploited by a local attacker to crash sssd and prevent other legitimate users from logging into the system. (bnc#660481, CVE-2010-4341)- Own /etc/systemd directories to fix build.- install systemd service file- Updated to 1.4.1 * Add support for netgroups to the LDAP and proxy providers * Fixes a minor bug with UIDs/GIDs >= 2^31 * Fixes a segfault in the kerberos provider * Fixes a segfault in the NSS responder if a data provider crashes * Correctly use sdap_netgroup_search_base * the utility libraries libpath_utils1, libpath_utils-devel, libref_array1 and libref_array-devel moved to their own separate upstream project (ding-libs) * Performance improvements made to group processing of RFC2307 LDAP servers * Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin * Manpage reviewed and updated- remove hard coded python version- No dependencies on %{release}- Updated to 1.3.1 * Fixes to the HBAC backend for obsolete or removed HBAC entries * Improvements to log messages around TLS and GSSAPI for LDAP * Support for building in environments using --as-needed LDFLAGS * Vast performance improvement for initgroups on RFC2307 LDAP servers * Long-running SSSD clients (e.g. GDM) will now reconnect properly to the daemon if SSSD is restarted * Rewrote the internal LDB cache API. As a synchronous API it is now faster to access and easier to work with * Eugene Indenbom contributed a sizeable amount of code to the LDAP provider - We now handle failover situations much more reliably than we did previously - We also will now monitor the GSSAPI kerberos ticket and automatically renew it when appropriate, instead of waiting for a connection to fail * Support for netlink now allows us to more quickly detect situations where we may have come online * New option "dns_discovery_domain" allows better configuration for using SRV records for failover - New subpackages: libpath_utils1, libpath_utils-devel, libref_array1 and libref_array-devel- Package pam- and nss-Modules as baselibs - cleaned up file list and dependencies - fixed init script dependencies- Updated to 1.1.0 * Support for IPv6 * Support for LDAP referrals * Offline failed login counter * Fix for the long-standing cache cleanup performance issues * libini_config, libcollection, libdhash, libref_array and libpath_utils are now built as shared libraries for general consumption (libref_array and libpath_utils are currently not packaged, as no component in sssd links against them) * Users get feedback from PAM if they authenticated offline * Native local backend now has a utility to show nested memberships (sss_groupshow) * New "simple" access provider for easy restriction of users - Backported libcrypto support from master to avoid Mozilla NSS dependency - Backported password policy improvments for LDAP provider from master- use logfiles for debug messages by default- subpackages for commandline tools, ipa-provider plugin and python API- Updated to 1.0.5. Highlights: * Removed some dead code (libreplace * Clarify licenses throughout the code- Updated to 1.0.4- Update to 0.6.0- fix LDAP filter for initgroups() with rfc2307bis setups- initial package submission/bin/sh1.9.4-1.2.11.9.4-1.2.1libnss_sss.so.2securitypam_sss.so/lib//lib/security/-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:12.3/standard/bc2921a7546fe7106ee073f9910dc054-sssdcpiolzma5x86_64-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x64ef8527fb507f78bd1a9e7da60b273ea23b4c23, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x692791c437ca019493aa837a97e78cd7eec98a62, strippeddirectoryPPRRRRRRRRR RRRPRRRRRRR R R R R RRRpackageand(sssd:pam-32bit)packageand(sssd:glibc-32bit)?0] crv9uZ_8%2èB eZNT<z-"Ã@,RkxhV:JR'fuą4 i%0uDg P5LH.*f\/_?y୧.P6==C!}q~FgP?j+*gBYlmY)`TĖŘٻ$l8R;OoŐXOuyOy,u`gn_3Yl=FT@\NZ>? GIy!o7 t#J~sVioրɗKMgEJwa3%_} M,D2o@$)Q׵t*0|n}{Xt+ F޲Ϊ@ ?'I4"e d*Ly-[9e ?CXz%tJ3WK֛S'!ʲ0 HׅJi,ć_+]@QzsF ;9w<B݅pUY@iȁx׸0#>͛ D^(clz0qhC>HՇg78!ɊvyyI.usGs:\l-5Ii(H/lC=ajAl.h Ԙ@ M\}QKra #Nv^}SXV rEN4os(pLbwB|gl)o;!"3y#4Fr3g"^YuV~pTW 7}$\)a"m[R󭒕m\LCׯZCY|Tʑ47-(mEC1\'[p2\9܁b4:[@^LczfpM =BfN=l[PH9I'aNi\M*Q,Q#6mlǔ%~O5K_sw6 |گqkHA~5Tx΅S7gX~`?6^WPo~ㆷvN+ sŔcZnj/cEAs9̳p14PfMi9w.]o0a;Eh,%m?Ԋ M9&:<"f3W}m5y䔳F_\϶Fx=Hn #9O ze4@~L ,"(asaeկ/Q7lID]= iPY\*3Vfd۠p^@kp0;=GMÛh0^ɰ)͒:Tޢ|'q6sB!y褼nY΅p;;PJN`"y }6k:{̓Ի2&&irW[iy/ʮҊhcLI>dϠcP'G՟EK!qbRK,THu2,(}~pJ04aY5:}^3im U\5\uoc_~ bJu"09S얌V gXfv/~}J=IJ𴚱IғDcÒr:QKWM=}Zӱִj7?[sBh"L ĥ̤iU5:@酉S_7aĽ؍Ҕlpշ r=WVSOT M?cC2 kr+;RK?a?|A Jc_N~`4/)uJY n> E?|xVQL֜6NXمhyBl7'PEo.MݣZ"vn6IsW{quf4oڐ, Hg`1=Mtˍ*w{il ͮW͆uwr A'yX;uꋑ=.SS\])wg*Ů`4}m.SV@RRT4M|piLWʙ0L8&BObSl 4)̀Ifm82)s%}D6Njo KuT-FY qwZ35 _n)K/B_ k`}:hSb?(Pd247OIO g)L:~=T"{\ҝwgH/ri\!7eq9P>OJ~Cȃ ̒}Nܓ#(+/YZk6``ePޙH6W_:_Ĕ ޚg\f)@$qǙS5m3.)xYFJ{zؿ4)Uݎ٦7,A[F>ZWX#">. p/BW $a{U';bcXׯh61oމ=Ώ Ꜻ/Y w>Ily:ƅ6V&ֽQp%~# Gd¥u䍢QN"$4mb[#~^{,ܕ׊[_>nF&HO#;GÇ 3IZqP"_UdXCw:\{9&eB0PS!T =8 ~>W{B BwM-Qj鏒;VefKW+ =bOsotgLl}cWMd}ʪxM :@)R1 )'K Ib5ưü䞅*4=0:U\4 G5ʩhC/|I!8`zی՘nRݫWy.f*>n+CO)?${,uCRFk3ĐvVg xNcHwola_2fX`ys^x(NC!ҏ+m[V_`aNF&OCvm,dh.DWejC[v aQz^nsuxI"~hYe]ehC1"„T vxq ĬC@/nHC]R~6~$1kۊg},\eDL{b~!?k7k )綃@mpLfխ%zz#)$پqC6qۍ =NWs6C4vSUͥM>H0NN=UJԶg$ 3-R 0_67^\W:;C€o7Ed9ZK.E o@=KƄb"pPpvB6-Y2؛ @̏_%~ a0{J!GJ%#A}sgʊ.R 6(cQO"_AqMRZSUaIZ+b1C)W[ ςcS2&ð+6'5va\D$c 84@EҷdHv ycN)Y<E]PQ2x( I?*5;o7bȔg{#%<uI>؏`/߭%\1&70XaNua)ݳiUFQILFvoig~sm&@ւ]eFK(߄)ke Vs,kP{-`= /j"Kn &4`٧Pm)F>L3.ކOƩ B}_-29A?]/*ᎲC<]B{'Z[ B5K)9kS-nL"~f#l'Kh>l+|^%+)5{f8lm{Յ韈\Y~Klk֤NɯR_bs]uqQ#SMĤJӀ/.3r4#.0>LGvfPd* /8=C؀qP;jKqb'ԑ.Qɯ*BGl}ٖ&,dWjpiklэz18Qʜ=x-J) MCLL"_Hf=;%wW%d!}b}rmڦߵ7`{:iRL~^ZYtawu̝ug80qǛ] ~G|1G ]̨:q?{.Fuѭ^Kj#룝m 0NL/dcSF詂>Y#^_pQ2DT& ev %}H;Avw_e ݱܮ+Hݚ$B_U%x%r2r.!'pYT 9Mr / t?x8_1d| Xxؠ !# v݇KhUR 4afإ19ӻu*"AYWYQԃ~y`H8#%!N}o?aO?Ҧ>WkrU!Q_^Iˮx`A`f% }hMDd<.Mzɻ>?_ f 䏲-}b%xwʛF>];*Up jC6Nٹڱ}c~T#P>_rݑ4kލ qNZ+|G\UX\wRO6J+9[Z'gHރ@OaFJ] \g4"%pf KYg j\FQ  tlh*Y7T&:(Q;RC3K U(hK"Hen(MWKec i2c}v]X4a6Q(]** ;m,In$&zCm).\Yr$w+7@/ /&hBpH451I,^~)]S+ rx* pcIٓۻŪ`O[2ɚ2mW{ta`wV㎅$d3$:PCzi`&@A NUΤYTk)P/">Ȕ'Hqda@:cC%QD&%C; DdV>\ 9< ў1zLS<(Uܦ wBݩ=IpBJl5íJnLE=K=]rNh8^%STڑ~1+RASULC[G]{ ,|;&2؃̩'trփ3 ~XMu 2xϥ3Ѡ{#*,'.D#]M*tIX/$EBvB6\(ٳ/!X 1VI=<#NzNnt.ùD!z82X$+ǷTYlLkP6G:~ˬ=L3 ̒ncIaqFs3QiOwT Ntd4ĭOr5xb2XB}~Ex`X:?&*y嚒Txc5{6% D 7sr) #w*F8^ua߀,CVUvB&,yF(eh}%Z.`Y?͝*eR^SOBoL݉>c1؇^`,91 !I:?iu,=QCTTj3݁6r3~}:x`Wee{Byҽ▒'&17%́*IF2tDul${D7Jzۢ|ʽ7 8&YcPhмYk* UNT)(Ds9wENRT0{u,.)Gb!ڪ+B3ܕ*NЋX0_O#!tGcj(hOm+f҇'b.ZKms~{c~! Tpr]̒\ zcex>/{nFiWnM*rz`m9U"C)iGl%JˆCzA9'˚.Yrag~.K=)zbE  38/vPVؾXAcnr.D^ 诀7Ah.*sYX@Z%A@c8S}Эjc^.mb+٣=oٌNN<桞ۭiOKe[d<%H=p='#gVѴjKIHY\|.cM'?nЗ3#OMrdz =8 &RM^w~%u;4". U=!NF١|mL!< K10(T[gQr̜l@@}Ay6R{ !V&ᔅvH3ؔXiG l gEc[\EpZf$s0l3U0A?W^@e2Z- !|Zm~ *M3]usE|j}7EB4#PT&;a.D!/LZxOՈ(ϵT"`)(aLqu{op~|7r[[_6\W| v"v)>mic!r5Ie,h 껣}uy\]@\l?!ѵx]Ewqf.)ةjXf Z}䀪֏0R׈$ ' W('C !k|4s5b׷;Sʥ_jFΓ/P/>?-4g#[[em viA&-;z sf/IGwD }_d!ij {f|'z[]Q0> DWa_x6f㐻,ގs CQ=H/Q*$L`t=:QCE>ZImGA(6y1 ! 'fpCF8U=SP1(?x>?|qm ) $]։yeXUZ]shQK2C(u Ցj)x*Zb7<ܽh?<fgCn !~ WڠQt 3|׭c5UU19D 8QV7Ȯ|>NQRmS66E4 _A }-v֢qpu]a"-8iF`I|X_Vàq:Ҕ8P:7 :i>8ۀ.oR BR$ }фNtXm†"%8+_]Bw/\Z? "Y1;rT<uΘ'߻Tj}f?"o1Y!#XTK}a_ćA#%ƈQ}~JA Z7IzޝSt;v^[*wv@3lZg(4:,HϷuCj04bQJ2| e7i3 J]̖wȋ"n~2%<_}@$vG{ s5%$zunlOhĞw`vҧ{57k/pR#òu7 N-o/U46Y1t-8t!!VkfXҊ\%)1Z-K+I]L.8hU2+gPˑ_5=9:-*llpOC"Cgb_$>@&V ]LJ:l˰B&--; xa붛amgpc\љ$0{,+x~>Cr[ WP?u4)}8 aD.2]\A݅m0bn<@G6ƕ~M#H:!é#>l^):hhu#_CɪY8嶍)g7LιǢc_ a2Pa!ZZd})TJ@[Cީ;nⷍC{Uۙp*Ay+KGuel}WE$2MS)"jnZƍk~);y&YnfwS灗1U#~"ഘ)'ć"ʣkqP87C!j>yq+!}/4-%?aWUC3W~H-2`96-M F;hz}k b@Qd x}ꗐ>LFxr(_,_#< 봔xWMzL1=" 70tĥUB?2'&z-rXo(Ȟ%~CimfRM"6QY $oժ'KxUR2<(shuL JJ2פoBX%ylWk|, j95m;k6'n,_@0<x1uP^N'W7_,JKVP֧m|eނb;c]-Q0[*ޘěgYL䐷;8=[1V͔5*t>xQ>A7$֜ P`kO aW"7aq=t.e3|ϛr@tVL=hːL$z,҇Na0Hdbrj6GbT,`DtQ;ݟ(5U{XQe66T WW3±mQN,חsQ:P'Þt%^"YRx&*9A"cbج{]!zzco7 +&T/oawh2V ڶEoEtd΋n+aFm+R)Q2} z墇)bfeӣ~Uօċ{H-0(+k; Oeer`*mM2Jt ci8j0̸*?ɪ!o+w{dd]𱕝XQ1l, )LE6r\|׭4Y[Tv},)&^.̈́KWz a J&Tyu{`؁h5#0'UlWS>Y g Oo= R4*!d+ ?X6AcԤNe;{1ЄY^?)ljdTu )D4?ǯFM:wRGН: n _TA*resADӄ(e.HR|wBo ,nDzݰ6}泹 ,~^ڎ4I=,q8fpG#Rڂ| :|]'J-4p FuBSu[V#Gq"ǿ \\c{AuU WbbZ"@aqW7cjg˲cgiP,#qfzDG15mzO~SF˜]WOHo/зaD?{eo\ȑ)A,Db3XڨLkGv"6h1~JOw01m_Ko!U}_l;?@ujRŏrغu\JB˶$ZQ }f?l5bjUb69L wRqL!ބiIM~e8H+#P<}5n_)FlU0&G۱jxq?|=^ɍƁN&L x_PMvTyƑ cwǏ|ah Kv u ӆ.e fS*[ՇO'p Wzw?OAxq-h:Twѯyj~d9lf1|e^-ֺ+ŹQ,قg6by WA"xKESњSg]vlv3na nm'rwSɭ3F=Δ{os?)f_Q6cqxP*:i 70 ^@O0E2dՠ-W|xSh_ 8 >`F x7JUײ(c%ImwY)S*GUKq'Onx'_9y3D@ʩUv೼ Cգղe;$xΫq]8>aOEDnvۭ"zJ iTeVsAI=]ZB@4|etTOd/>I:Ph/?Y}ֺ1- 47C 20L]3gtVNgxۨB],YI! Jp=$m{J4fuuExK2[g: T+|D\y,\ZxbS-uH"\F[MpQNM \PZ?U4.9O0qlz$X%Gd끩Sw%EBJ"o1"-e3_[3Y j/3Tn8ȂPP =)F['nf5} ~- V}S1+HY4bo%OIqoF K6n39xPRB/Y&Cc#L1(]6onmjh}'&+W fsӤ\ QjZLGK+4Tsp7 iqvc+t sQGzQ4DCPu5qoxu QJ ~c}x(wJ8]J ]\n櫿[ॸh?AJ o,QM51 a8I-+ZhpF lF{SGCo=ܽ/u?vIDͨ&]/@?AJpK>Ok'gs9zhJ!Ҥ$~n˄T'9gHB Puh<#W $Ov(s 2& !,wtz,fJ :d| UB4K?dM|}=$PX(0S)4x;W.!3Რ{ 1df"J?OL.7%*1L>쎶C띓+02k+2@(H+C9I:06aP~?ψHZ{ȹ ħ ։'zdpv}Ŧoc#іXg%Id-h}(^+$װ}̋VDlО7Ō@8!+sy|KMNO7+i"zSU|O7x0Nm<x y`a- yz0a}q6|؇(TrC-7 IBb4,\2Wy>?"ʫao{r~ QJЏk$$1L\2h[Nf,]@caLr4j؈O+Gzy,~Vh45&ǐFDFI> ]3 wX.6aEYoME7yqlEE`JWa3< 9-NV2[YuMIf)O,6(T/I  Eܰ^a,=rMo Pc X13/gq2Jk|c +5uhiQF)rsxA.p Rs=6%Ί'TK_}]_>ZUi`_M}(ƺgi]ǀ_KYo$ݞ22_A ё TxB-i0H3Voܬr l͚C.ߖ$QCw)jS,x \9Va_pЫ:cf*}^D0yU$M,- T嗚w<-uW7To% G+I3tHy3j8o2r)Ś/cOC-yͲ.N˶PX6mVIAz=@_k#,XuW;~ePߡ1#2}ur:Y8J/CE%] Oat~kMδ"`$ Ao ڗ Alis.#*c)(q ME~WZPUj^ *KoDCE;앗F] jZZs;LnV0^à="vU>X(gX@kxy*p#Cz9*?+@7) 8J^h@<bxɔft2& nWʵ<ˡZ8^l4(w59g¼M QJcԢl͵hO~Ueddc~D&#*&JGD_%YJ D(<+v&| Iyv:kʐ|"R/oA}#:5s $ںgfQcl+ȥ+xf3 $nw@O 7 %EY9RU$Й iK&`Td,8}ϱ0z?ցa!Uzi0XqІZF>9a07A73%-Sc'9m39"q4x}9Z []t GIrU*FXU,@'y<+/D58#G qBC/-Gklfk)KlZE"` &Ͳ -6-Svp.HZ7R߮bʛ{ HDV 2ʾ ڀFT*=W$2dK|Rfq욮#Ёdy0Py7}3m[$6y\LOן*K‡exr#zbkrcAy`T4IW`0FuX_M2J#&(?Sh0pt沭| ]pC'V;`1i=[C496}!-7vcF}8Nv[$y 2k\!$y9C=<7(XS1(WHa[G^^Fc UC}ՃW(8yy9ɊDH5D!XF (Ix&=06xupϊȌ8 :LLxbuu./AR+&Kf"|U{*/ Sx1alUW֘hI]ШpDvoQ8I*Ӻ!9&MrƼw-(He$N!mr"nhCE;@8]cОaΙ؅% [WT#ħ)L9U!)' ch{L1 b0 R h?LfbͣPxRxhCj{I|Jf:FȻ{EEe2/hixCnsM.7e7\:4&E/Q?;S+zҀ D*F W|F[{|["fNrLq.|BЛ0LQmn@(S}1Fz<8@Dž,=2$ m20ܹdRgn7zk>70  ~2k}Ը2,eɇ+b[C 6rc%V[%uFQ$L0ІE1-A>3d*u}_|r\t$ccv첿9좙p"XfwE98]`n\ѕ($xƛxE OĶYsZ"],Y4\(>Τ0;.ҟhu6:D2an,FO#_8/y}쯤O8%~3ujfҬCwHq wp `_䜞Ԣ0ɣ>!JȋF3V*?-F5\ [죴'XHI0(:1Z@5Xͭ`TZ>x`!cY2[o.ahRH[DIFb.1S)Cs xk|F)^$U7iAβk1 ka7=\.[wY(T…Mό]5s {Fz/|!!DEl!!kP/dd|$6%a[ Y O/Sk<`٢םCon|$U R3gMMҖ'!u#+ Z p()L1MKm-'2)JdKxL@ ]f񏎀`Ľ)8nw?KVgݭaS7L|m֕섽-gsSrqyx=GF [\oBϿ.Th^vGL=SPN̔_hPveUm=*@?Rt<.>A]Pر銲娠 )`,~T7dfUg310&&lg7j":ZA.j略[e /%o}æ :BArHY DٷL K,Ea̒?$nn"UpNHxX/9  Lsu5( VWf҄29祦" "cwJ9M8\֜J ,8g'8dc{Tw{dGQl4JOP=DܙEx4>uogsuy y{U&!^:ގ_O{**)Ѓ⻡WloY/v[n&<ҥsͶ#?V_o~+aLĖ@pfHUB8LBΉo |d^Mwk'TZ٥%2&6 < AVt&A'ˈI6Jv0u؁ϨaACX1Z*osYF/S1b;](A5m^ۘ)[urs m=*8/xJ%)׮TX\S2ts5q *_X: 2NO!EK ao)eC38&3iv1rLH=+J|Z^r_nŊ(~@x^ gVzejLzۿN:ʱ%Ps4c :nѺ=$Z\6:ͿK~k*.e Lûj:S^ NGfPG뇳UMp kY"&SːTv aQHx1T<^9/DYB&MP6N/W|".iI;ɈoӋLʩ gY{ذ=LЍdѻ8JP#r#-AoI .h?4P7 DO^Բ}v҈򊩎B-~u H7*gaHN ! Y%vqXش 0K$N+{㽸&ժk7{;^g¢R-6 <{ǧo \3'df lJq9·:o ѩqޔ~bḵ8مARM|ԭF*WRcRM!u5]DkZ`xj`+8EFcǏ:N~Z'2:4DXm(vYzVR0XtQ6cv6@eEK,O$GcLjwfMU94NG~QOǙmt(  E0r_E4) 0<ΒY F-kpu'S%`seQ뵛mߤf"SՎ #Dk"=^Remİ؋WT -|S4oqp{=)ɔՆnPeZr